Re: [Tails-dev] Adding KeepassX to Tails Startup; can it be …

Delete this message

Reply to this message
Author: Peter N. Glaskowsky
Date:  
To: The Tails public development discussion list
CC: madx
Subject: Re: [Tails-dev] Adding KeepassX to Tails Startup; can it be done!

> On Feb 28, 2016, at 11:31 PM, madx@??? wrote:
> ...
> The first “C.L.P.P.S” password should be one the End-user has memorized. From there they can either open the tails persistent volume or they can open a second C.L.P.P.S Database. From there the password that opens the persistent volume should be in upwards of ten to twenty thousand characters.


If a short password is used to unlock a keychain that contains a longer password,

A) the net security of the system is still constrained by the entropy in the short password, and

B) there is absolutely ZERO benefit to storing a long password in text form that will immediately be hashed down to a binary key for a bulk cipher. Just store the binary key.

Best regards,

.                  png